SQL injection and "$usermodel->validateauthentication"

I’m writing third party software that will be using my xenforo forum as an authentication system. Can I call the $userid = $usermodel->validateauthentication($username, $password, $error); with a raw data given by the user without having to be afraid of any kind of SQL injection or other problems like that?

I know xenforo itself is being protected by all kind of nasty stuff like this and I'm not wanting to create a new one for my board because of my flawed programming.